MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4ca965db7cfd5944b5d6902f391f91f7c3994973955f2af97a91ec146977cc4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: f4ca965db7cfd5944b5d6902f391f91f7c3994973955f2af97a91ec146977cc4
SHA3-384 hash: d802bccde8baf6a0645cea0126aa94fe287048a7d2d1228e0df7761ebd04d7082b021247335b0ca5b7f0983fd1f8bc09
SHA1 hash: bf31d7905e28e9ab32348471bb7a497d82c6aff7
MD5 hash: 0f594997983db981f447a2ee5d640129
humanhash: social-wolfram-lemon-mexico
File name: MFC PROJECT DETAILS.exe
Signature: FormBook
File size: 415'744 bytes
First seen: 2020-06-30 06:30:31 UTC
Last seen: 2020-06-30 07:45:37 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:zjSyXYeYVOQF6aoNyYW7jVqYmbhC/H8d:tXlY14vj40YmQ/8
TLSH: 5C94AE5637F88954D33FAF79BBA2420AC271E117ED8AE70D0C0DE5EA5863750990339B
Reporter: @abuse_ch
Tags: exe FormBook


Reporter comment (Twitter, @abuse_ch):
Malspam distributing FormBook:

HELO: no-reverse-dns-configured.com
Sending IP: 94.102.50.162
From: "Kyung Jae, Kim" <info@lnpglobalcoorp.com>
Reply-To: groupreservation47@inbox.ru
Subject: RFQ For MFC Project PO (Purchase Order) Project materials, machinery and equipment
Attachment: MFC PROJECT DETAILS.img (contains "MFC PROJECT DETAILS.exe")

Intelligence

Mail intelligence
Trap location: Impact
IT (Italy): Low
CH (Switzerland): Low
Global: Low
# of uploads: 3
# of downloads: 33
Origin country: FR
CAPE Sandbox Detection: Formbook
Link: https://www.capesandbox.com/analysis/16824/
ClamAV: SecuriteInfo.com.Trojan.GenericKD.43411751.29282.3821.UNOFFICIAL
CERT.PL MWDB Detection: formbook
Link: https://mwdb.cert.pl/sample/f4ca965db7cfd5944b5d6902f391f91f7c3994973955f2af97a91ec146977cc4/
ReversingLabs: Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Noon
First seen: 2020-06-30 01:09:00 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage Score: 10/10
Malware Family: formbook
Link: https://tria.ge/reports/200630-bfjep8vhg6/
Tags: trojan spyware stealer family:formbook persistence evasion
VirusTotal: VirusTotal results 43.06%

Yara Signatures

Rule name: Formbook
Author: JPCERT/CC Incident Response Group
Description: detect Formbook in memory
Reference: internal research

Rule name: win_formbook_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

Rule name: win_formbook_g0
Author: Slavo Greminger, SWITCH-CERT

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  FormBook
    Executable exe f4ca965db7cfd5944b5d6902f391f91f7c3994973955f2af97a91ec146977cc4 (this sample)

Delivery method: Distributed via e-mail attachment
